
Fixes #1622 #1633

Merged
merged 6 commits into from
Feb 14, 2025

Conversation

prabhu
Collaborator

@prabhu prabhu commented Feb 13, 2025

Fixes #1622 with an additional duplicate check. Also enhanced the validator to check the purl type of dependencies.

```
node /Volumes/Work/CycloneDX/cdxgen/bin/cdxgen.js -o bom.json $(pwd)
Scanning /Volumes/Work/sandbox/benchmarking/SecObserve
Performing babel-based package usage analysis with source code at /Volumes/Work/sandbox/benchmarking/SecObserve
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/frontend/package-lock.json
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/frontend/lib/runtime-env-cra/package-lock.json
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/end_to_end_tests/package-lock.json
Found 697 npm packages at /Volumes/Work/sandbox/benchmarking/SecObserve
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/backend/poetry.lock
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/backend/pyproject.toml for dependencies and groups information.
cdxgen will now attempt to generate an SBOM for 'build' lifecycle phase for Python. This would take some time ...
To speed up this step, invoke cdxgen from within a virtual environment with all the dependencies installed.
Alternatively, pass the argument '--lifecycle pre-build' to generate a faster but less precise SBOM.
Executing /Users/prabhu/miniconda3/bin/python -m pip install --disable-pip-version-check -r /Volumes/Work/sandbox/benchmarking/SecObserve/mkdocs_requirements.txt
About to construct the pip dependency tree based on /Volumes/Work/sandbox/benchmarking/SecObserve/mkdocs_requirements.txt. Please wait ...
Executing /Users/prabhu/miniconda3/bin/python -m pip install --disable-pip-version-check -r /Volumes/Work/sandbox/benchmarking/SecObserve/backend/poetry_requirements.txt
About to construct the pip dependency tree based on /Volumes/Work/sandbox/benchmarking/SecObserve/backend/poetry_requirements.txt. Please wait ...
Found 225 python packages at /Volumes/Work/sandbox/benchmarking/SecObserve
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/scorecard.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/scan_sca_current.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/publish_docs.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/generate_sboms.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/check_vulnerabilities.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/check_licenses_dev.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/check_frontend.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/check_backend.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/build_push_release.yml
Parsing /Volumes/Work/sandbox/benchmarking/SecObserve/.github/workflows/build_push_dev.yml
Found 14 GitHub action packages at /Volumes/Work/sandbox/benchmarking/SecObserve
Obtained 936 components and 925 dependencies after dedupe.
===== WARNINGS =====
[
  "The parent package 'pkg:npm/secobserve@1.28.0' (type npm) depends on the child package 'pkg:pypi/secobserve@latest' (type pypi). This is a bug in cdxgen if this project is not a monorepo."
]
```
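The two checks described in the PR description, a duplicate check and a purl-type check on dependency edges, as an added standalone example. This is not cdxgen's own validator code; the function names (`purlType`, `findDuplicateRefs`, `findCrossTypeDependencies`, `validateBom`) and the sample BOM are assumptions constructed to reproduce the warning shown in the log above.

```javascript
// Added example, not cdxgen's own code. It runs two sanity checks over a
// CycloneDX BOM object: duplicate bom-refs (which make schema validation fail)
// and dependency edges whose parent and child have different purl types.

// Extract the purl type: "pkg:npm/secobserve@1.28.0" -> "npm".
// Purl types are case-insensitive, so normalise to lowercase for comparison.
function purlType(purl) {
  const m = /^pkg:([^/]+)\//.exec(purl || "");
  return m ? m[1].toLowerCase() : undefined;
}

// Duplicate check: bom-ref values must be unique within a BOM.
// Returns the list of bom-refs that occur more than once in components.
function findDuplicateRefs(bom) {
  const seen = new Map();
  for (const c of bom.components || []) {
    const ref = c["bom-ref"];
    if (!ref) continue;
    seen.set(ref, (seen.get(ref) || 0) + 1);
  }
  return [...seen.entries()].filter(([, n]) => n > 1).map(([ref]) => ref);
}

// Purl-type check: a parent of one ecosystem depending on a child of another
// (e.g. npm -> pypi) is suspicious unless the project is a monorepo.
function findCrossTypeDependencies(bom) {
  const warnings = [];
  for (const d of bom.dependencies || []) {
    const parentType = purlType(d.ref);
    if (!parentType) continue;
    for (const child of d.dependsOn || []) {
      const childType = purlType(child);
      if (childType && childType !== parentType) {
        warnings.push(
          `The parent package '${d.ref}' (type ${parentType}) depends on the child package '${child}' (type ${childType}). This is a bug in cdxgen if this project is not a monorepo.`
        );
      }
    }
  }
  return warnings;
}

function validateBom(bom) {
  return {
    duplicates: findDuplicateRefs(bom),
    crossType: findCrossTypeDependencies(bom),
  };
}

// Constructed sample BOM (not from the page): one duplicated bom-ref and one
// npm -> pypi edge matching the warning in the PR description.
const sampleBom = {
  bomFormat: "CycloneDX",
  specVersion: "1.6",
  components: [
    { "bom-ref": "pkg:npm/secobserve@1.28.0", name: "secobserve", purl: "pkg:npm/secobserve@1.28.0" },
    { "bom-ref": "pkg:pypi/secobserve@latest", name: "secobserve", purl: "pkg:pypi/secobserve@latest" },
    { "bom-ref": "pkg:npm/react@18.3.1", name: "react", purl: "pkg:npm/react@18.3.1" },
    { "bom-ref": "pkg:npm/react@18.3.1", name: "react", purl: "pkg:npm/react@18.3.1" }, // duplicate
  ],
  dependencies: [
    { ref: "pkg:npm/secobserve@1.28.0", dependsOn: ["pkg:npm/react@18.3.1", "pkg:pypi/secobserve@latest"] },
    { ref: "pkg:pypi/secobserve@latest", dependsOn: [] },
  ],
};

console.log(JSON.stringify(validateBom(sampleBom), null, 2));
```

Run it with `node` on a real `bom.json` by replacing `sampleBom` with `JSON.parse(fs.readFileSync(path))`; a non-empty `duplicates` list is the condition that makes schema validation fail, while `crossType` warnings are advisory and expected in a genuine monorepo.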

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Collaborator Author

prabhu commented Feb 13, 2025

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Collaborator Author

prabhu commented Feb 13, 2025

Happy Valentine's Day ❤️

@prabhu prabhu added Ready for QA bug Something isn't working labels Feb 13, 2025
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu merged commit f8a3129 into master Feb 14, 2025
28 of 29 checks passed
@prabhu prabhu deleted the fix/issue-1622 branch February 14, 2025 02:55
Development

Successfully merging this pull request may close these issues.

Schema validation failed due to duplicates
1 participant